Repository 32bit  Forum
Repository 64bit  Wiki
Fri Nov 4 03:31:38 UTC 2016
patches/packages/bind-9.9.9_P4-i486-1_slack14.1.txz: Upgraded.
  This update fixes a denial-of-service vulnerability. A defect in BIND's
  handling of responses containing a DNAME answer can cause a resolver to exit
  after encountering an assertion failure in db.c or resolver.c. A server
  encountering either of these error conditions will stop, resulting in denial
  of service to clients. The risk to authoritative servers is minimal;
  recursive servers are chiefly at risk.
  For more information, see:
  https://kb.isc.org/article/AA-01434
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864
  (* Security fix *)
patches/packages/curl-7.51.0-i486-1_slack14.1.txz: Upgraded.
  This release fixes security issues:
  CVE-2016-8615: cookie injection for other servers
  CVE-2016-8616: case insensitive password comparison
  CVE-2016-8617: OOB write via unchecked multiplication
  CVE-2016-8618: double-free in curl_maprintf
  CVE-2016-8619: double-free in krb5 code
  CVE-2016-8620: glob parser write/read out of bounds
  CVE-2016-8621: curl_getdate read out of bounds
  CVE-2016-8622: URL unescape heap overflow via integer truncation
  CVE-2016-8623: Use-after-free via shared cookies
  CVE-2016-8624: invalid URL parsing with '#'
  CVE-2016-8625: IDNA 2003 makes curl use wrong host
  For more information, see:
  https://curl.haxx.se/docs/adv_20161102A.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615
  https://curl.haxx.se/docs/adv_20161102B.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616
  https://curl.haxx.se/docs/adv_20161102C.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617
  https://curl.haxx.se/docs/adv_20161102D.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618
  https://curl.haxx.se/docs/adv_20161102E.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619
  https://curl.haxx.se/docs/adv_20161102F.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620
  https://curl.haxx.se/docs/adv_20161102G.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621
  https://curl.haxx.se/docs/adv_20161102H.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622
  https://curl.haxx.se/docs/adv_20161102I.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623
  https://curl.haxx.se/docs/adv_20161102J.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624
  https://curl.haxx.se/docs/adv_20161102K.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625
  (* Security fix *)
patches/packages/glibc-zoneinfo-2016i-noarch-1_slack14.1.txz: Upgraded.
  This package provides the latest timezone updates.